ComboFix report
Closed
dliardet
-
toptitbal Posts 26224 Registration date Status Security contributor Last intervention -
Hello,
ComboFix 08-08-29.02 - David Liardet 2008-08-30 2:28:56.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1537 [GMT 2:00]
Endroit: C:\Documents and Settings\David Liardet\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\David Liardet\Application Data\rhctm7j0en2p
C:\Documents and Settings\Lili Dos Santos\Cookies\lili_dos_santos@ehg-swisscom.hitbox[2].txt
C:\Program Files\GamesBar\oberontb.dll
C:\WINDOWS\system32\blphcpm7j0en2p.scr
C:\WINDOWS\system32\phcpm7j0en2p.bmp
C:\WINDOWS\SYSTEM32\VEdLTvut.ini
C:\WINDOWS\SYSTEM32\VEdLTvut.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-30 ))))))))))))))))))))))))))))))))))))
.
2008-08-28 15:27 . 2008-08-28 15:39 96,976 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
2008-08-28 15:27 . 2008-08-28 15:39 87,855 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
2008-08-28 15:26 . 2008-08-28 15:26 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-08-28 15:26 . 2008-08-30 13:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-28 15:26 . 2008-08-30 06:59 3,368,992 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.dat
2008-08-28 15:26 . 2008-08-30 06:59 507,936 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.dat
2008-08-28 15:26 . 2008-08-30 06:59 27,400 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox.idx
2008-08-28 15:26 . 2008-08-30 06:59 2,816 --ahs---- C:\WINDOWS\SYSTEM32\DRIVERS\fidbox2.idx
2008-08-26 15:22 . 2008-08-26 15:22 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-08-26 15:22 . 2008-08-26 15:22 <REP> d-------- C:\Documents and Settings\David Liardet\Application Data\Malwarebytes
2008-08-26 15:12 . 2008-08-26 15:22 <REP> d-------- C:\WINDOWS\LastGood(2)
2008-08-23 15:24 . 2008-08-30 13:15 <REP> d-------- C:\Documents and Settings\David Liardet\Application Data\OpenOffice.org2
2008-08-23 15:18 . 2008-08-23 15:18 <REP> d-------- C:\Program Files\OpenOffice.org 2.4
2008-08-23 12:49 . 2008-08-26 15:22 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-08-23 12:49 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pccsmcfd.sys
2008-08-23 12:49 . 2008-08-23 12:49 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-22 23:23 . 2008-08-26 15:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-22 23:23 . 2008-08-22 23:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-22 23:23 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-08-22 23:23 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-08-22 23:08 . 2008-08-22 23:08 <REP> d-------- C:\Program Files\Trend Micro
2008-08-21 20:22 . 2008-08-28 12:46 <REP> d-------- C:\Program Files\a-squared Free
2008-08-17 19:00 . 2008-08-28 12:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-17 19:00 . 2008-08-28 15:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-17 18:21 . 2008-08-17 18:21 32 --a-s---- C:\WINDOWS\SYSTEM32\3897972993.dat
2008-08-17 18:17 . 2008-08-23 12:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-17 18:17 . 2008-08-17 18:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-16 11:04 . 2008-08-28 13:10 <REP> d-------- C:\Program Files\Yahoo!
2008-07-16 11:04 . 2008-07-16 11:04 <REP> d-------- C:\Program Files\CCleaner
2008-07-16 10:50 . 2005-05-23 13:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-16 10:50 . 2005-05-23 13:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-16 10:50 . 2005-05-23 13:00 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-07-16 10:50 . 2005-05-23 13:00 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-07-16 10:50 . 2005-05-23 13:00 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-16 10:50 . 2005-05-23 13:00 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-07-16 10:50 . 2005-05-23 13:00 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-07-16 10:50 . 2007-08-16 18:21 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Teleca
2008-07-16 10:50 . 2007-08-16 18:21 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sony Ericsson
2008-07-16 10:50 . 2005-05-23 13:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-07-16 10:50 . 2007-07-08 14:28 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Desperate Housewives
2008-07-16 10:50 . 2008-08-26 15:25 <REP> d-------- C:\Documents and Settings\Administrateur
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-30 00:29 --------- d-----w C:\Program Files\GamesBar
2008-08-28 18:13 --------- d-----w C:\Documents and Settings\Lili Dos Santos\Application Data\Skype
2008-08-28 13:39 58,368 ----a-w C:\WINDOWS\SYSTEM32\spoolsv.exe
2008-08-28 13:39 509,952 ----a-w C:\WINDOWS\SYSTEM32\winlogon.exe
2008-08-28 13:39 16,896 ----a-w C:\WINDOWS\SYSTEM32\svchost.exe
2008-08-28 13:39 14,336 ----a-w C:\WINDOWS\SYSTEM32\lsass.exe
2008-08-28 13:39 110,080 ----a-w C:\WINDOWS\SYSTEM32\services.exe
2008-08-28 13:39 1,039,360 ----a-w C:\WINDOWS\explorer.exe
2008-08-28 11:06 --------- d-----w C:\Program Files\Gamenext
2008-08-26 13:24 --------- d-----w C:\Program Files\World of Warcraft (privé)
2008-08-25 13:18 --------- d-----w C:\Program Files\World of Warcraft
2008-08-23 13:17 --------- d-----w C:\Program Files\Java
2008-08-23 10:51 --------- d-----w C:\Program Files\Nokia
2008-08-23 10:51 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-08-23 10:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-08-18 14:58 --------- d-----w C:\Documents and Settings\Lili Dos Santos\Application Data\scrfunkamok
2008-08-18 14:52 --------- d-----w C:\Documents and Settings\David Liardet\Application Data\scrfunkamok
2008-08-18 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\INTERNET SPAM SUPPORT AUDIO
2008-08-17 17:44 --------- d-----w C:\Program Files\BearShare
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\SYSTEM32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\SYSTEM32\mscms.dll
2008-06-24 16:23 74,240 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mscms.dll
2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 10:44 138,368 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\bthport.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\rmcast.sys
2008-05-07 05:38 90,624 ----a-w C:\WINDOWS\SYSTEM32\nmwcdcls.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-05-07 05:15 1,293,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\quartz.dll
2008-05-01 14:31 331,776 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msadce.dll
.
------- Sigcheck -------
2008-08-28 15:39 16896 a8fb150e88a67da58410b7e28ad52e8c C:\WINDOWS\SYSTEM32\svchost.exe
2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 12:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 13:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 13:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-05 13:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 04:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
2008-08-28 15:39 509952 68f89dcb80b45660aee06bf1fe353b49 C:\WINDOWS\SYSTEM32\winlogon.exe
md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-05 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-08-28 15:39 110080 e063b61a9466b0cf8a3a68316bd85877 C:\WINDOWS\SYSTEM32\services.exe
2008-08-28 15:39 14336 0c4a26a14d5812484d8a3c834bbd47ab C:\WINDOWS\SYSTEM32\lsass.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-05 13:00 57856 b4ef928e4fad79364a80acba6d999934 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-08-28 15:39 58368 3513a57ec257df60f641d20031acb383 C:\WINDOWS\SYSTEM32\spoolsv.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-26 23:29 36864]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 17:41 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54 57344]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-03-28 15:25 1011712]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 18:49 49152]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 10:46 497200]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 11:34 614960]
"LVCOMSX"="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-06-26 11:33 243248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45 257088]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 21:53 1838592]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"jGnnL"= {701B4D5E-DAB1-E7F4-5014-331C81A3A981} - C:\WINDOWS\system32\vqa.dll [2007-04-16 17:53 32768]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbb65.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winet18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff25.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingg00.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhv06.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winii23.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkd16.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winli76.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintw03.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winus13.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwj78.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HD Publishing\\Joint Task Force\\jtf.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 LF30FS;LF30FS;C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 19:07]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S0 Winbb65;Winbb65;C:\WINDOWS\system32\Drivers\Winbb65.sys []
S0 Winet18;Winet18;C:\WINDOWS\system32\Drivers\Winet18.sys []
S0 Winff25;Winff25;C:\WINDOWS\system32\Drivers\Winff25.sys []
S0 Wingg00;Wingg00;C:\WINDOWS\system32\Drivers\Wingg00.sys []
S0 Winhv06;Winhv06;C:\WINDOWS\system32\Drivers\Winhv06.sys []
S0 Winii23;Winii23;C:\WINDOWS\system32\Drivers\Winii23.sys []
S0 Winkd16;Winkd16;C:\WINDOWS\system32\Drivers\Winkd16.sys []
S0 Winli76;Winli76;C:\WINDOWS\system32\Drivers\Winli76.sys []
S0 Wintw03;Wintw03;C:\WINDOWS\system32\Drivers\Wintw03.sys []
S0 Winus13;Winus13;C:\WINDOWS\system32\Drivers\Winus13.sys []
S0 Winwj78;Winwj78;C:\WINDOWS\system32\Drivers\Winwj78.sys []
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 04:17]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0220ff4-4ef4-11db-a566-00123f30285f}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
2005-06-29 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1117227390.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 01:46]
2008-08-29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBAB188B-CE11-4665-A1AD-6E8635453E7F}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
HKLM-Run-LFAgent - (no file)
Notify-WinCtrl32 - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\David Liardet\Application Data\Mozilla\Firefox\Profiles\ha6mbk7c.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ch/
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 13:11:50
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a2freeRasAutogusvc]
"ImagePath"="ð%€|\18Ï\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0DcomLaunch]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0ose]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcDcomLaunch]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPodNtLmSsp]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MessengerNlaAppMgmt]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaAppMgmt]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nlaidsvc]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nlaidsvcupnphost]
"ImagePath"="ð%€|ÀÍ\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutogusvc]
"ImagePath"="ð%€|¨Í\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoPolicyAgent]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgrAlerter]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgrAlerterRasMan]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgrdmserver]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSsCryptSvc]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVPGoogleDesktopManager]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrvMSDTC]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnjsvcclr_optimization_v2.0.50727_32]
"ImagePath"="ð%€|XÍ\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvcNla]
"ImagePath"="ð%€|¨Í\09 srv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\SYSTEM32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\WINDOWS\SYSTEM32\IMAPI.EXE
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-30 13:19:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-30 11:19:41
Pre-Run: 86,592,061,440 octets libres
Post-Run: 87,004,753,920 octets libres
344 --- E O F --- 2008-08-29 23:04:06
2005-05-25 21:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-13 04:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 13:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
2008-08-28 15:39 509952 68f89dcb80b45660aee06bf1fe353b49 C:\WINDOWS\SYSTEM32\winlogon.exe
md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-05 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-08-28 15:39 110080 e063b61a9466b0cf8a3a68316bd85877 C:\WINDOWS\SYSTEM32\services.exe
2008-08-28 15:39 14336 0c4a26a14d5812484d8a3c834bbd47ab C:\WINDOWS\SYSTEM32\lsass.exe
2005-06-11 02:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-05 13:00 57856 b4ef928e4fad79364a80acba6d999934 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2008-08-28 15:39 58368 3513a57ec257df60f641d20031acb383 C:\WINDOWS\SYSTEM32\spoolsv.exe
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-26 23:29 36864]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 17:41 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 15:42 1404928]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 21:12 221184]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54 57344]
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01 110592]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19 69632]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2005-03-28 15:25 1011712]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 18:49 49152]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 10:46 497200]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 11:34 614960]
"LVCOMSX"="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-06-26 11:33 243248]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-05-26 12:45 257088]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-13 21:53 1838592]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"jGnnL"= {701B4D5E-DAB1-E7F4-5014-331C81A3A981} - C:\WINDOWS\system32\vqa.dll [2007-04-16 17:53 32768]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbb65.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winet18.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winff25.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wingg00.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhv06.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winii23.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkd16.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winli76.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintw03.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winus13.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwj78.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\HD Publishing\\Joint Task Force\\jtf.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.0\\cnc3game.dat"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R2 LF30FS;LF30FS;C:\Program Files\Everstrike Software\Lock Folder XP 3.6\LF30XP.sys [2004-11-19 19:07]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S0 Winbb65;Winbb65;C:\WINDOWS\system32\Drivers\Winbb65.sys []
S0 Winet18;Winet18;C:\WINDOWS\system32\Drivers\Winet18.sys []
S0 Winff25;Winff25;C:\WINDOWS\system32\Drivers\Winff25.sys []
S0 Wingg00;Wingg00;C:\WINDOWS\system32\Drivers\Wingg00.sys []
S0 Winhv06;Winhv06;C:\WINDOWS\system32\Drivers\Winhv06.sys []
S0 Winii23;Winii23;C:\WINDOWS\system32\Drivers\Winii23.sys []
S0 Winkd16;Winkd16;C:\WINDOWS\system32\Drivers\Winkd16.sys []
S0 Winli76;Winli76;C:\WINDOWS\system32\Drivers\Winli76.sys []
S0 Wintw03;Wintw03;C:\WINDOWS\system32\Drivers\Wintw03.sys []
S0 Winus13;Winus13;C:\WINDOWS\system32\Drivers\Winus13.sys []
S0 Winwj78;Winwj78;C:\WINDOWS\system32\Drivers\Winwj78.sys []
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2005-03-22 04:17]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 19:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-04 19:11]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-04 19:11]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers;C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-04 19:13]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-04 19:15]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0220ff4-4ef4-11db-a566-00123f30285f}]
\Shell\AutoRun\command - F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2008-07-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
2005-06-29 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2100 series#1117227390.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-06-27 01:46]
2008-08-29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBAB188B-CE11-4665-A1AD-6E8635453E7F}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 12:58]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
HKLM-Run-LFAgent - (no file)
Notify-WinCtrl32 - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\David Liardet\Application Data\Mozilla\Firefox\Profiles\ha6mbk7c.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ch/
FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 13:11:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\a2freeRasAutogusvc]
"ImagePath"="ð%€|\18Ï\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0DcomLaunch]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0ose]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcDcomLaunch]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPodNtLmSsp]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MessengerNlaAppMgmt]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaAppMgmt]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nlaidsvc]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nlaidsvcupnphost]
"ImagePath"="ð%€|ÀÍ\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutogusvc]
"ImagePath"="ð%€|¨Í\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoPolicyAgent]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgrAlerter]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgrAlerterRasMan]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgrdmserver]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSsCryptSvc]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVPGoogleDesktopManager]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrvMSDTC]
"ImagePath"="ð%€|x\01\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usnjsvcclr_optimization_v2.0.50727_32]
"ImagePath"="ð%€|XÍ\09 srv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvcNla]
"ImagePath"="ð%€|¨Í\09 srv"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ati2evxx.exe
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.bin
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\SYSTEM32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
C:\WINDOWS\SYSTEM32\IMAPI.EXE
.
**************************************************************************
.
Completion time: 2008-08-30 13:19:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-30 11:19:41
Pre-Run: 86,592,061,440 bytes free
Post-Run: 87,004,753,920 bytes free
344 --- E O F --- 2008-08-29 23:04:06
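A triage pass over the service, SafeBoot\Minimal and Sigcheck sections of the report above, written as an added example for this page (it is not ComboFix output and not something the helper asked for). It flags services whose ImagePath had no file to timestamp (the empty "[]"), entries that are also registered under SafeBoot\Minimal so they load in safe mode, boot-start entries among those, DLLCACHE copies whose MD5 differs from the live copy, and files md5deep could not hash. The service, registry and Sigcheck lines are copied from the report; the sample.dll pair is constructed and is not from the report, it only exercises the mismatch branch.

```python
"""Triage checks over ComboFix report lines (added example, not part of the
original post and not ComboFix's own code)."""
import re

# Service lines copied from the report. R = running, S = stopped; the digit is the
# start type (0 = boot start). "[]" means ComboFix found no file to timestamp.
SERVICE_LINES = r"""
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
S0 Winbb65;Winbb65;C:\WINDOWS\system32\Drivers\Winbb65.sys []
S0 Winet18;Winet18;C:\WINDOWS\system32\Drivers\Winet18.sys []
S0 Winff25;Winff25;C:\WINDOWS\system32\Drivers\Winff25.sys []
S0 Wingg00;Wingg00;C:\WINDOWS\system32\Drivers\Wingg00.sys []
S0 Winhv06;Winhv06;C:\WINDOWS\system32\Drivers\Winhv06.sys []
S0 Winii23;Winii23;C:\WINDOWS\system32\Drivers\Winii23.sys []
S0 Winkd16;Winkd16;C:\WINDOWS\system32\Drivers\Winkd16.sys []
S0 Winli76;Winli76;C:\WINDOWS\system32\Drivers\Winli76.sys []
S0 Wintw03;Wintw03;C:\WINDOWS\system32\Drivers\Wintw03.sys []
S0 Winus13;Winus13;C:\WINDOWS\system32\Drivers\Winus13.sys []
S0 Winwj78;Winwj78;C:\WINDOWS\system32\Drivers\Winwj78.sys []
""".strip().splitlines()

# SafeBoot\Minimal keys from the report (the @="Driver" value lines are omitted).
REG_LINES = [r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\%s.sys]" % n
             for n in ("Winbb65", "Winet18", "Winff25", "Wingg00", "Winhv06", "Winii23",
                       "Winkd16", "Winli76", "Wintw03", "Winus13", "Winwj78")]

# Sigcheck lines copied from the report.
SIGCHECK_LINES = r"""
2008-08-28 15:39 16896 a8fb150e88a67da58410b7e28ad52e8c C:\WINDOWS\SYSTEM32\svchost.exe
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\SYSTEM32\DLLCACHE\tcpip.sys
2008-06-20 12:45 360320 1cc09561e21a48a7f649a40f18235860 C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
md5deep: C:\WINDOWS\explorer.exe: error at offset 0: Permission denied
""".strip().splitlines()

# Constructed pair, NOT from the report, so the mismatch branch is exercised.
CONSTRUCTED_MISMATCH = [
    r"2008-01-01 00:00 1000 " + "0" * 32 + r" C:\WINDOWS\SYSTEM32\DLLCACHE\sample.dll",
    r"2008-01-01 00:00 1000 " + "f" * 32 + r" C:\WINDOWS\SYSTEM32\sample.dll",
]

SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$")
SAFEBOOT_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\([^\]]+)\]$")
SIGCHECK_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+([0-9a-f]{32})\s+(.+)$")
MD5DEEP_ERR_RE = re.compile(r"^md5deep: (.+?): error ")


def suspicious_services(service_lines, reg_lines):
    """Return (service name, reasons) for entries with no file behind ImagePath or a
    SafeBoot\\Minimal key; boot start (type 0) is noted on those as an extra reason."""
    safeboot = {m.group(1).lower() for m in map(SAFEBOOT_RE.match, reg_lines) if m}
    findings = []
    for line in service_lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        _state, start, name, _display, path, stamp = m.groups()
        basename = path.rsplit("\\", 1)[-1].lower()
        reasons = []
        if stamp == "":
            reasons.append("no file found at ImagePath")
        if basename in safeboot:
            reasons.append("registered under SafeBoot\\Minimal (loads in safe mode)")
        if reasons and start == "0":
            reasons.append("boot-start driver (start type 0)")
        if reasons:
            findings.append((name, reasons))
    return findings


def dllcache_mismatches(lines):
    """Return (filename, live_md5, dllcache_md5) where the DLLCACHE copy and the live
    copy in SYSTEM32 or SYSTEM32\\DRIVERS differ. Agreement is not proof of
    integrity (both copies can be replaced), but disagreement is a lead."""
    hashes = {}
    for line in lines:
        m = SIGCHECK_RE.match(line)
        if m:
            hashes[m.group(2).lower()] = m.group(1)
    out = []
    for path, md5 in hashes.items():
        if "\\dllcache\\" not in path:
            continue
        for live in (path.replace("\\dllcache\\", "\\"), path.replace("\\dllcache\\", "\\drivers\\")):
            if live in hashes:
                if hashes[live] != md5:
                    out.append((path.rsplit("\\", 1)[-1], hashes[live], md5))
                break
    return out


def md5deep_errors(lines):
    """Files Sigcheck could not hash; an unhashed system binary is an open question."""
    return [m.group(1) for m in map(MD5DEEP_ERR_RE.match, lines) if m]


if __name__ == "__main__":
    for name, reasons in suspicious_services(SERVICE_LINES, REG_LINES):
        print("service %-8s %s" % (name, "; ".join(reasons)))
    for fname, live, cache in dllcache_mismatches(SIGCHECK_LINES + CONSTRUCTED_MISMATCH):
        print("hash mismatch %s live=%s dllcache=%s" % (fname, live, cache))
    for path in md5deep_errors(SIGCHECK_LINES):
        print("not hashed:", path)
```

On the report above this flags the eleven Win????.sys entries on all three counts and leaves klbg alone; the $hf_mig$ and $NtUninstall copies are deliberately not compared, since those are earlier hotfix versions and differ from the live file by design. The explorer.exe md5deep failure is reported rather than silently skipped: a file the hasher could not open is not a file that checked out.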
1 reply
Hello
Paste your report back into this discussion: http://www.commentcamarche.net/forum/affich 8160810 rapport hijackthis
If you open a new topic for every reply it becomes incomprehensible and nobody will be able to help you...